Flaw Discovered in McAfee ePolicy Orchestrator

July 14, 2006

By Kevin McLaughlin, CRN


A vulnerability in the agent software of McAfee's ePolicy Orchestrator (ePO) could enable hackers to gain unauthorized access to a system and perform a variety of malicious acts.

ePolicy Orchestrator is security management software that provides a centralized console for managing McAfee enterprise security products such as Total Protection, a solution McAfee rolled out in April that combines antivirus, antispyware, antispam, firewall and intrusion-prevention features.

The vulnerability, which affects ePO's Common Management Agent version 3.5.0 and older, stems from a directory traversal design flaw that could allow remote attackers to create any type of file on a compromised system, including Trojans and other malware, said Marc Maiffret, co-founder and CTO at eEye Digital Security, the Aliso Viejo, Calif.-based vendor that discovered the vulnerability.

Danish security firm Secunia rated the vulnerability as "moderately critical".

To take advantage of the flaw, an attacker would need to have network access to the client machine and manage to construct a message consisting of proprietary information, according to John Viega, chief security architect at McAfee, Santa Clara, Calif.

McAfee has informed customers of the flaw and is recommending they download version 3.5.5 or higher of the Common Management Agent and upgrade all ePO agents, Viega added.

Although the process of fixing the flaw is straightforward, Maiffret says updating the ePO agent can be time-consuming, especially for large enterprises with thousands of PCs. However, companies need to realize the ePO agent remote vulnerability is just as critical as any Microsoft flaw, he added.
